diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index c9853ae..5c57368 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -25,7 +25,23 @@ in }; useSelfhostedCache = mkEnableOption "use self-hosted nix cache (currently hosted on gospel)"; - remoteBuilder.enable = mkEnableOption "set up as a remote builder"; + + remoteBuilder = { + enable = mkEnableOption "set up as a remote builder"; + client = { + enable = mkEnableOption "set up to use configured remote builders"; + sshKeyPath = mkOption { + type = types.str; + # NOTE: By default, only root user has read access. + # This means only builds initiated by root will be able to make use + # of distributed builds. + # TODO: Allow my normal user to make use of distributed builds. + default = "/etc/ssh/ssh_host_ed25519_key"; + description = "Path to ssh key to use to connect to remote builders"; + }; + }; + + }; }; config = mkIf cfg.enable ( @@ -79,6 +95,7 @@ in users.users.remotebuild = { isNormalUser = true; createHome = false; + home = "/var/empty"; group = "remotebuild"; # All the keys from ./remote_client_keys should be trusted @@ -96,6 +113,24 @@ in nix.settings.trusted-users = [ "remotebuild" ]; }) + (lib.mkIf cfg.remoteBuilder.client.enable { + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "gospel"; + sshUser = "remotebuild"; + sshKey = cfg.remoteBuilder.client.sshKeyPath; + system = "x86_64-linux"; + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + ]; + } + ]; + }) ] ); } diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 5bc9733..45727d7 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix 
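Review bot: The `sshKeyPath` default added in the first hunk (`/etc/ssh/ssh_host_ed25519_key`) reuses this machine's SSH host private key as the client credential for the builder, so one secret serves both as host identity and as build authorisation. The TODO about normal users should not be resolved by widening read access to that file; a dedicated build key keeps the two roles separate and can be rotated or revoked on its own. On a daemon-based install the build hook normally runs inside nix-daemon as root, so the NOTE may overstate the restriction; that is worth verifying before any permissions change. Keeping `types.str` is right because a string path is not copied into the world-readable store, and the description could say so: `description = "Path (as a string, outside the Nix store) to the SSH private key used to authenticate to remote builders";`.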
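Review bot: The `nix.buildMachines` entry added in the third hunk (under `remoteBuilder.client.enable`) does not pin the builder's host key, so verifying `gospel` depends on whatever is in root's known_hosts on each client. Outputs copied back from a builder are, as far as I know, accepted by the local daemon without a further signature check, so the builder's identity is worth fixing in the module itself: `publicHostKey = "<base64 of gospel's ssh_host_ed25519_key.pub>";` (placeholder, to be generated from the builder's public key). The bare `hostName = "gospel"` also relies on name resolution being trustworthy on every network the client joins, which makes the pin matter more. The enclosing `config = mkIf cfg.enable (` list starts outside this hunk.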
@@ -7,8 +7,11 @@ ]; aa = { - nix.enable = true; - nix.useSelfhostedCache = true; + nix = { + enable = true; + useSelfhostedCache = true; + remoteBuilder.client.enable = true; + }; archetypes.workstation.enable = true;